
Annotation of /cauldron/selinux-policy/current/SPECS/selinux-policy.spec



Revision 449604 - (hide annotations) (download)
Tue Jul 2 00:57:02 2013 UTC (11 years, 5 months ago) by spuhler
File size: 22574 byte(s)
- updated spec file from fedora
1 spuhler 290848 %define distro redhat
2     %define polyinstatiate n
3     %define monolithic n
4 spuhler 290933 %if %{?BUILD_DOC:0}%{!?BUILD_DOC:1}
5     %define BUILD_DOC 1
6     %endif
7 spuhler 290848 %if %{?BUILD_TARGETED:0}%{!?BUILD_TARGETED:1}
8     %define BUILD_TARGETED 1
9     %endif
10     %if %{?BUILD_MINIMUM:0}%{!?BUILD_MINIMUM:1}
11     %define BUILD_MINIMUM 1
12     %endif
13     %if %{?BUILD_MLS:0}%{!?BUILD_MLS:1}
14     %define BUILD_MLS 1
15     %endif
16 spuhler 449604 %define POLICYVER 29
17 spuhler 424692 %define POLICYCOREUTILSVER 2.1.14
18 spuhler 449604 %define CHECKPOLICYVER 2.1.12
19 spuhler 290933 Summary: SELinux policy configuration
20     Name: selinux-policy
21 spuhler 424692 Version: 3.12.1
22     Release: %mkrel 1
23 spuhler 290933 License: GPLv2+
24     Group: System/Base
25 spuhler 449604 Url: http://oss.tresys.com/repos/refpolicy/
26 spuhler 290933 Source: serefpolicy-%{version}.tgz
27 spuhler 449604 Patch0: policy-cauldron-base.patch
28     Patch1: policy-cauldron-contrib.patch
29     #Patch2: policy_contrib-rawhide-roleattribute.patch
30     Source1: modules-targeted-base.conf
31 spuhler 290933 Source2: booleans-targeted.conf
32     Source3: Makefile.devel
33     Source4: setrans-targeted.conf
34 spuhler 449604 Source5: modules-mls-base.conf
35 spuhler 290933 Source6: booleans-mls.conf
36     Source8: setrans-mls.conf
37     Source14: securetty_types-targeted
38     Source15: securetty_types-mls
39 spuhler 449604 # Source16: modules-minimum.conf
40 spuhler 290933 Source17: booleans-minimum.conf
41     Source18: setrans-minimum.conf
42     Source19: securetty_types-minimum
43     Source20: customizable_types
44     Source21: config.tgz
45     Source22: users-mls
46     Source23: users-targeted
47     Source25: users-minimum
48     Source26: file_contexts.subs_dist
49     Source27: selinux-policy.conf
50     Source28: permissivedomains.pp
51     Source29: serefpolicy-contrib-%{version}.tgz
52     Source30: booleans.subs_dist
53 spuhler 449604 Source31: modules-targeted-contrib.conf
54     Source32: modules-mls-contrib.conf
55 spuhler 291423 BuildRequires: python
56     BuildRequires: gawk
57     BuildRequires: checkpolicy >= %{CHECKPOLICYVER}
58 spuhler 290933 BuildRequires: m4
59 spuhler 449604 BuildRequires: policycoreutils-devel >= %{POLICYCOREUTILSVER}
60 spuhler 290933 BuildRequires: bzip2
61 spuhler 449604 Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
62     Requires(post): awk sha512sum
63 spuhler 291423 Requires: checkpolicy >= %{CHECKPOLICYVER}
64 spuhler 449604 BuildArch: noarch
65 spuhler 290848
66 spuhler 290933 %description
67 spuhler 290848 SELinux Base package
68    
69 spuhler 290933 %files
70 spuhler 290848 %dir %{_usr}/share/selinux
71 spuhler 290933 %dir %{_usr}/share/selinux/packages
72 spuhler 290848 %dir %{_sysconfdir}/selinux
73     %ghost %config(noreplace) %{_sysconfdir}/selinux/config
74     %ghost %{_sysconfdir}/sysconfig/selinux
75 spuhler 290933 %{_usr}/lib/tmpfiles.d/selinux-policy.conf
76    
77     %package devel
78 spuhler 291169 Summary: SELinux policy devel
79     Group: System/Base
80     Requires(pre): selinux-policy = %{version}-%{release}
81 spuhler 449604 Requires: m4
82     Requires: checkpolicy >= %{CHECKPOLICYVER}
83     Requires: make
84 spuhler 290933
85     %description devel
86     SELinux policy development and man page package
87    
88     %files devel
89     %{_mandir}/man*/*
90     %{_mandir}/ru/*/*
91     %dir %{_usr}/share/selinux/devel
92     %dir %{_usr}/share/selinux/devel/include
93 spuhler 290848 %{_usr}/share/selinux/devel/include/*
94 spuhler 449604 %dir %{_usr}/share/selinux/devel/html
95     %{_usr}/share/selinux/devel/html/*html
96 spuhler 290848 %{_usr}/share/selinux/devel/Makefile
97     %{_usr}/share/selinux/devel/example.*
98 spuhler 449604 %{_usr}/share/selinux/devel/policy.*
99 spuhler 290848
100     %package doc
101 spuhler 291169 Summary: SELinux policy documentation
102     Group: System/Base
103     Requires(pre): selinux-policy = %{version}-%{release}
104     Requires: xdg-utils
105 spuhler 290848
106     %description doc
107     SELinux policy documentation package
108    
109     %files doc
110     %doc %{_usr}/share/doc/%{name}-%{version}
111     %attr(755,root,root) %{_usr}/share/selinux/devel/policyhelp
112    
113 spuhler 449604
# makeCmds NAME TYPE DIRECT_INITRC UNK_PERMS
# Runs the refpolicy "bare" and "conf" make targets for one policy store and
# then copies that store's booleans and users files from selinux_config/ into
# ./policy/. Every store is configured with UBAC=n and 1024 MLS/MCS
# categories. The trailing commented-out cp is still part of the macro body
# (it carries a continuation backslash), so it expands to a shell comment.
114 spuhler 290933 %define makeCmds() \
115     make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 bare \
116     make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 conf \
117     cp -f selinux_config/booleans-%1.conf ./policy/booleans.conf \
118     cp -f selinux_config/users-%1 ./policy/users \
119 spuhler 424692 #cp -f selinux_config/modules-%1-base.conf ./policy/modules.conf \
120 spuhler 290848
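# makeModulesConf NAME BASE [contrib]
# Installs the base module list for policy store NAME as both
# ./policy/modules-base.conf and ./policy/modules.conf. When the third
# argument is the word contrib, the contrib module list is also copied to
# ./policy/modules-contrib.conf and appended to ./policy/modules.conf.
# The third argument is quoted and compared with the POSIX "=" operator so
# that a call with only two arguments is a clean "no contrib" case instead of
# a test syntax error.
%define makeModulesConf() \
cp -f selinux_config/modules-%1-%2.conf ./policy/modules-base.conf \
cp -f selinux_config/modules-%1-%2.conf ./policy/modules.conf \
if [ "%3" = "contrib" ]; then \
    cp selinux_config/modules-%1-%3.conf ./policy/modules-contrib.conf; \
    cat selinux_config/modules-%1-%3.conf >> ./policy/modules.conf; \
fi; \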
128    
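# installCmds NAME TYPE DIRECT_INITRC UNK_PERMS
# Builds base.pp and the policy modules for one store, installs them and the
# appconfig files into the buildroot, seeds the store's modules/active tree
# with bzip2-compressed module packages, rebuilds the policy inside the
# buildroot with semodule, and records the SHA-512 of the resulting
# policy/policy.POLICYVER file in the store's .policy.sha512.
#
# NOTE(review): the last rm names the macro _sysconfigdir, not the
# _sysconfdir used on every other line. If that macro is undefined the path
# does not exist and rm -f silently does nothing, so policy.kern stays in the
# buildroot. The fileList macro packages modules/active/policy.kern and
# preInstall hashes it, so decide whether the file is meant to be shipped
# before correcting the spelling.
%define installCmds() \
make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" base.pp \
make validate UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} MLS_CATS=1024 MCS_CATS=1024 SEMOD_EXP="/usr/bin/semodule_expand -a" modules \
make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} MLS_CATS=1024 MCS_CATS=1024 install \
make UNK_PERMS=%4 NAME=%1 TYPE=%2 DISTRO=%{distro} UBAC=n DIRECT_INITRC=%3 MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} MLS_CATS=1024 MCS_CATS=1024 install-appconfig \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/logins \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/policy \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules \
%{__mkdir} -p %{buildroot}/%{_sysconfdir}/selinux/%1/contexts/files \
touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
touch %{buildroot}/%{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/booleans \
touch %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
touch %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \
install -m0644 selinux_config/securetty_types-%1 %{buildroot}%{_sysconfdir}/selinux/%1/contexts/securetty_types \
install -m0644 selinux_config/file_contexts.subs_dist %{buildroot}%{_sysconfdir}/selinux/%1/contexts/files \
install -m0644 selinux_config/setrans-%1.conf %{buildroot}%{_sysconfdir}/selinux/%1/setrans.conf \
install -m0644 selinux_config/customizable_types %{buildroot}%{_sysconfdir}/selinux/%1/contexts/customizable_types \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/seusers \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.local \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/nodes.local \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users_extra.local \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/users.local \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs.bin \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/file_contexts.bin \
cp %{SOURCE30} %{buildroot}%{_sysconfdir}/selinux/%1 \
bzip2 -c %{buildroot}/%{_usr}/share/selinux/%1/base.pp > %{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/base.pp \
rm -f %{buildroot}/%{_usr}/share/selinux/%1/base.pp \
for i in %{buildroot}/%{_usr}/share/selinux/%1/*.pp; do bzip2 -c "$i" > "%{buildroot}/%{_sysconfdir}/selinux/%1/modules/active/modules/$(basename "$i")"; done \
rm -f %{buildroot}/%{_usr}/share/selinux/%1/*pp* \
touch %{buildroot}%{_sysconfdir}/selinux/%1/modules/active/modules/sandbox.disabled \
/usr/sbin/semodule -s %1 -n -B -p %{buildroot}; \
/usr/bin/sha512sum %{buildroot}%{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} | cut -d' ' -f 1 > %{buildroot}%{_sysconfdir}/selinux/%1/.policy.sha512; \
rm -rf %{buildroot}%{_sysconfdir}/selinux/%1/contexts/netfilter_contexts \
rm -f %{buildroot}/%{_sysconfigdir}/selinux/%1/modules/active/policy.kern
%nil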
165    
166     %define fileList() \
167     %defattr(-,root,root) \
168     %dir %{_usr}/share/selinux/%1 \
169     %dir %{_sysconfdir}/selinux/%1 \
170     %config(noreplace) %{_sysconfdir}/selinux/%1/setrans.conf \
171 spuhler 290933 %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/seusers \
172     %dir %{_sysconfdir}/selinux/%1/logins \
173 spuhler 290848 %dir %{_sysconfdir}/selinux/%1/modules \
174 spuhler 290933 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/semanage.read.LOCK \
175     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/semanage.trans.LOCK \
176     %dir %attr(700,root,root) %dir %{_sysconfdir}/selinux/%1/modules/active \
177     %dir %{_sysconfdir}/selinux/%1/modules/active/modules \
178     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/policy.kern \
179     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/commit_num \
180     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/base.pp \
181     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts \
182     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.homedirs \
183     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/file_contexts.template \
184     %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/seusers.final \
185     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/netfilter_contexts \
186     %config(noreplace) %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/users_extra \
187     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/homedir_template \
188     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/*.pp \
189 spuhler 424692 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/modules/active/modules/sandbox.disabled \
190 spuhler 290933 %ghost %{_sysconfdir}/selinux/%1/modules/active/*.local \
191 spuhler 424692 %ghost %{_sysconfdir}/selinux/%1/modules/active/*.bin \
192 spuhler 290933 %ghost %{_sysconfdir}/selinux/%1/modules/active/seusers \
193 spuhler 290848 %dir %{_sysconfdir}/selinux/%1/policy/ \
194 spuhler 290933 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/policy/policy.%{POLICYVER} \
195     %{_sysconfdir}/selinux/%1/.policy.sha512 \
196 spuhler 290848 %dir %{_sysconfdir}/selinux/%1/contexts \
197     %config %{_sysconfdir}/selinux/%1/contexts/customizable_types \
198     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/securetty_types \
199     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/dbus_contexts \
200     %config %{_sysconfdir}/selinux/%1/contexts/x_contexts \
201     %config %{_sysconfdir}/selinux/%1/contexts/default_contexts \
202 spuhler 290933 %config %{_sysconfdir}/selinux/%1/contexts/virtual_domain_context \
203     %config %{_sysconfdir}/selinux/%1/contexts/virtual_image_context \
204     %config %{_sysconfdir}/selinux/%1/contexts/lxc_contexts \
205     %config %{_sysconfdir}/selinux/%1/contexts/sepgsql_contexts \
206 spuhler 290848 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/default_type \
207     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/failsafe_context \
208     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/initrc_context \
209     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/removable_context \
210     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/userhelper_context \
211     %dir %{_sysconfdir}/selinux/%1/contexts/files \
212 spuhler 290933 %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts \
213     %verify(not md5 size mtime) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.homedirs \
214 spuhler 424692 %ghost %{_sysconfdir}/selinux/%1/contexts/files/*.bin \
215 spuhler 290933 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.local \
216     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs \
217     %{_sysconfdir}/selinux/%1/contexts/files/file_contexts.subs_dist \
218     %{_sysconfdir}/selinux/%1/booleans.subs_dist \
219 spuhler 290848 %config %{_sysconfdir}/selinux/%1/contexts/files/media \
220     %dir %{_sysconfdir}/selinux/%1/contexts/users \
221     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/root \
222     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/guest_u \
223     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/xguest_u \
224     %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/user_u \
225 spuhler 290933 %config(noreplace) %{_sysconfdir}/selinux/%1/contexts/users/staff_u
226 spuhler 290848
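# relabel NAME
# Scriptlet fragment that restores file labels after a policy update.
# If SELinux is enabled, NAME is the configured SELINUXTYPE and a saved
# file_contexts.pre exists, fixfiles relabels only what changed against that
# saved copy and the copy is removed. Two best-effort restorecon passes then
# cover root-owned state and per-user cache/config directories.
#
# The SELinux config file is sourced as shell, so every line in it executes
# as root inside the scriptlet; it has to stay writable by root only.
# The restorecon results are deliberately ignored with "|| :". The earlier
# form used "continue" outside any loop for the same purpose, which is not a
# valid no-op.
%define relabel() \
. %{_sysconfdir}/selinux/config; \
FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
if /usr/sbin/selinuxenabled && [ "${SELINUXTYPE}" = "%1" ] && [ -f "${FILE_CONTEXT}.pre" ]; then \
    /sbin/fixfiles -C "${FILE_CONTEXT}.pre" restore 2> /dev/null; \
    rm -f "${FILE_CONTEXT}.pre"; \
fi; \
/sbin/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null || :; \
/sbin/restorecon -R /home/*/.cache /home/*/.config 2> /dev/null || :;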
241    
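# preInstall NAME
# Pre-install fragment for a policy subpackage; acts only on upgrade (the
# scriptlet argument is not 1) and when an SELinux config file exists.
# It saves the current file_contexts as file_contexts.pre for the later
# relabel, then marks the store with .rebuild. The marker is removed again
# only when the installed policy.kern still hashes to the digest recorded in
# .policy.sha512, i.e. the local policy looks unmodified and postInstall can
# skip the rebuild.
#
# The digest comparison requires a non-empty computed hash: if sha512sum
# cannot read policy.kern, an empty result must not be treated as a match,
# otherwise the rebuild would be skipped on a store in an unknown state.
# NOTE(review): the packaged digest is computed at build time over
# policy/policy.POLICYVER while this compares modules/active/policy.kern;
# confirm the two files are byte-identical after semodule -B.
%define preInstall() \
if [ "$1" -ne 1 ] && [ -s /etc/selinux/config ]; then \
    . %{_sysconfdir}/selinux/config; \
    FILE_CONTEXT=%{_sysconfdir}/selinux/%1/contexts/files/file_contexts; \
    if [ "${SELINUXTYPE}" = "%1" ] && [ -f "${FILE_CONTEXT}" ]; then \
        [ -f "${FILE_CONTEXT}.pre" ] || cp -f "${FILE_CONTEXT}" "${FILE_CONTEXT}.pre"; \
    fi; \
    touch /etc/selinux/%1/.rebuild; \
    if [ -e /etc/selinux/%1/.policy.sha512 ]; then \
        sha512=$(sha512sum /etc/selinux/%1/modules/active/policy.kern | cut -d ' ' -f 1); \
        checksha512=$(cat /etc/selinux/%1/.policy.sha512); \
        if [ -n "$sha512" ] && [ "$sha512" = "$checksha512" ]; then \
            rm -f /etc/selinux/%1/.rebuild; \
        fi; \
    fi; \
fi;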
258    
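# postInstall SCRIPTLET_ARG NAME
# Post-install fragment for a policy subpackage. When preInstall left a
# .rebuild marker, a fixed list of obsolete module packages is deleted from
# the store and the policy is rebuilt without reloading (semodule -B -n);
# otherwise only the sandbox module is marked disabled. The policy is loaded
# into the kernel only when NAME is the configured SELINUXTYPE and SELinux is
# enabled. A first install relabels a few root-owned trees, an upgrade runs
# the full relabel macro.
#
# The module cleanup uses "cd ... && rm" so that a missing store directory
# cannot make rm -f run against the scriptlet's current directory.
%define postInstall() \
. %{_sysconfdir}/selinux/config; \
if [ -e /etc/selinux/%2/.rebuild ]; then \
    rm -f /etc/selinux/%2/.rebuild; \
    (cd /etc/selinux/%2/modules/active/modules && rm -f l2tpd.pp shutdown.pp amavis.pp clamav.pp gnomeclock.pp matahari.pp xfs.pp kudzu.pp kerneloops.pp execmem.pp openoffice.pp ada.pp tzdata.pp hal.pp hotplug.pp howl.pp java.pp mono.pp moilscanner.pp gamin.pp audio_entropy.pp audioentropy.pp iscsid.pp polkit_auth.pp polkit.pp rtkit_daemon.pp ModemManager.pp telepathysofiasip.pp ethereal.pp passanger.pp qpidd.pp pyzor.pp razor.pp pki-selinux.pp phpfpm.pp consoletype.pp ctdbd.pp fcoemon.pp isnsd.pp rgmanager.pp corosync.pp aisexec.pp pacemaker.pp ) \
    /usr/sbin/semodule -B -n -s %2; \
else \
    touch /etc/selinux/%2/modules/active/modules/sandbox.disabled \
fi; \
[ "${SELINUXTYPE}" = "%2" ] && selinuxenabled && load_policy; \
if [ "%1" -eq 1 ]; then \
    /sbin/restorecon -R /root /var/log /run 2> /dev/null; \
else \
%relabel %2 \
fi;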
274    
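# modulesList NAME
# Writes modules-base.lst (and modules-contrib.lst when a contrib module
# config exists) for policy store NAME: one "<module>.pp " entry for every
# "<module> = module" line of the corresponding modules config.
#
# The comment filter is a real awk regex. Written as the string "/^#/" the
# slashes become literal characters, the pattern can never match, and a line
# such as "#foo = module" would be listed as an installable module.
%define modulesList() \
awk '$1 !~ /^#/ && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules-base.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules-base.lst \
if [ -e ./policy/modules-contrib.conf ]; then \
    awk '$1 !~ /^#/ && $2 == "=" && $3 == "module" { printf "%%s.pp ", $1 }' ./policy/modules-contrib.conf > %{buildroot}/%{_usr}/share/selinux/%1/modules-contrib.lst; \
fi;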
280 spuhler 290933
281 spuhler 290848 %description
282     SELinux Reference Policy - modular.
283 spuhler 290933 Based off of reference policy: Checked out revision 2.20091117
284 spuhler 449604
285 spuhler 290848 %build
286    
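%prep
# Unpack and patch the contrib module tarball (Source29) first and remember
# where it landed, then unpack and patch the base refpolicy tarball and copy
# the patched contrib modules into its policy/modules/contrib directory.
# Paths are quoted so a build directory containing whitespace does not split
# the cp arguments.
%setup -n serefpolicy-contrib-%{version} -q -b 29
%patch1 -p1
contrib_path=$(pwd)
%setup -n serefpolicy-%{version} -q
%patch0 -p1
refpolicy_path=$(pwd)
cp "$contrib_path"/* "$refpolicy_path/policy/modules/contrib"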
295 spuhler 290848
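%install
# Stage the auxiliary sources in selinux_config/ so the build macros can
# refer to them by file name, and unpack the appconfig tarball.
mkdir selinux_config
for i in %{SOURCE1} %{SOURCE2} %{SOURCE3} %{SOURCE4} %{SOURCE5} %{SOURCE6} %{SOURCE8} %{SOURCE14} %{SOURCE15} %{SOURCE17} %{SOURCE18} %{SOURCE19} %{SOURCE20} %{SOURCE21} %{SOURCE22} %{SOURCE23} %{SOURCE25} %{SOURCE26} %{SOURCE31} %{SOURCE32}; do
    cp "$i" selinux_config
done
tar zxvf selinux_config/config.tgz
# Start from an empty buildroot and create the files that the base package
# lists as ghost entries.
%{__rm} -fR %{buildroot}
mkdir -p %{buildroot}%{_sysconfdir}/selinux
mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
touch %{buildroot}%{_sysconfdir}/selinux/config
touch %{buildroot}%{_sysconfdir}/sysconfig/selinux
mkdir -p %{buildroot}%{_usr}/lib/tmpfiles.d/
cp %{SOURCE27} %{buildroot}%{_usr}/lib/tmpfiles.d/

# Always create policy module package directories
mkdir -p %{buildroot}%{_usr}/share/selinux/{targeted,mls,minimum,modules}/

# Clean the source tree before the first policy build
make clean
%if %{BUILD_TARGETED}
# Build targeted policy
mkdir -p %{buildroot}%{_usr}/share/selinux/targeted
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/targeted
%makeCmds targeted mcs n allow
%makeModulesConf targeted base contrib
%installCmds targeted mcs n allow
%modulesList targeted
%endif

%if %{BUILD_MINIMUM}
# Build minimum policy
# The minimum store is built from the targeted module lists; the dedicated
# Source16 modules-minimum.conf is commented out in the preamble.
mkdir -p %{buildroot}%{_usr}/share/selinux/minimum
cp %{SOURCE28} %{buildroot}/%{_usr}/share/selinux/minimum
%makeCmds minimum mcs n allow
%makeModulesConf targeted base contrib
%installCmds minimum mcs n allow
%modulesList minimum
%endif

%if %{BUILD_MLS}
# Build mls policy (unknown permissions are denied, unlike the other stores)
%makeCmds mls mls n deny
%makeModulesConf mls base contrib
%installCmds mls mls n deny
%modulesList mls
%endif

# Man pages, documentation and the policy development headers
mkdir -p %{buildroot}%{_mandir}
cp -R man/* %{buildroot}%{_mandir}
make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-docs
make UNK_PERMS=allow NAME=targeted TYPE=mcs DISTRO=%{distro} UBAC=n DIRECT_INITRC=n MONOLITHIC=%{monolithic} DESTDIR=%{buildroot} PKGNAME=%{name}-%{version} MLS_CATS=1024 MCS_CATS=1024 install-headers
mkdir %{buildroot}%{_usr}/share/selinux/devel/
mv %{buildroot}%{_usr}/share/selinux/targeted/include %{buildroot}%{_usr}/share/selinux/devel/include
install -m 644 selinux_config/Makefile.devel %{buildroot}%{_usr}/share/selinux/devel/Makefile
install -m 644 doc/example.* %{buildroot}%{_usr}/share/selinux/devel/
install -m 644 doc/policy.* %{buildroot}%{_usr}/share/selinux/devel/
echo "xdg-open file:///usr/share/doc/selinux-policy-%{version}/html/index.html"> %{buildroot}%{_usr}/share/selinux/devel/policyhelp
chmod +x %{buildroot}%{_usr}/share/selinux/devel/policyhelp
/usr/bin/sepolicy manpage -a -p %{buildroot}/usr/share/man/man8/ -w -r %{buildroot}
mkdir %{buildroot}%{_usr}/share/selinux/devel/html
# compgen is a bash builtin; it is expected to print the single directory of
# HTML pages that sepolicy created under man8 (assumption, confirm against the
# sepolicy version in use).
htmldir=$(compgen -d %{buildroot}%{_usr}/share/man/man8/)
# With an empty htmldir the mv below would operate on /* and move the
# contents of the root directory, so stop the build instead.
if [ -z "${htmldir}" ]; then
    echo "sepolicy manpage produced no HTML directory under man8" >&2
    exit 1
fi
mv "${htmldir}"/* %{buildroot}%{_usr}/share/selinux/devel/html
rm -rf "${htmldir}"
mkdir %{buildroot}%{_usr}/share/selinux/packages/

rm -rf selinux_config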
365 spuhler 290848 %clean
366     %{__rm} -fR %{buildroot}
367    
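%post
# Base package post-install.
# Without a usable /etc/selinux/config this is treated as a new install: a
# default config selecting enforcing mode and the targeted policy is written,
# /etc/sysconfig/selinux is linked to it and the file is relabelled.
# Otherwise the existing config is sourced (it runs as shell, as root) and
# legacy booleans.local / seusers files are carried into the active store of
# the configured policy type.
if [ ! -s /etc/selinux/config ]; then
#
# New install so we will default to targeted policy
#
echo "
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

" > /etc/selinux/config

    ln -sf ../selinux/config /etc/sysconfig/selinux
    restorecon /etc/selinux/config 2> /dev/null || :
else
    . /etc/selinux/config
    # if first time update booleans.local needs to be copied to sandbox
    # The destination follows SELINUXTYPE like the source does; a fixed
    # "targeted" destination would move an mls or minimum store's local
    # booleans into a different (possibly absent) policy store.
    [ -f "/etc/selinux/${SELINUXTYPE}/booleans.local" ] && mv "/etc/selinux/${SELINUXTYPE}/booleans.local" "/etc/selinux/${SELINUXTYPE}/modules/active/"
    [ -f "/etc/selinux/${SELINUXTYPE}/seusers" ] && cp -f "/etc/selinux/${SELINUXTYPE}/seusers" "/etc/selinux/${SELINUXTYPE}/modules/active/seusers"
fi
exit 0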
397    
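%postun
# Base package post-uninstall. On final removal (scriptlet argument 0) the
# running system is switched to permissive mode and the persistent config is
# set to SELINUX=disabled, so the host comes up without SELinux on the next
# boot. setenforce errors are discarded, which is also what happens when
# SELinux was already disabled.
if [ "$1" = 0 ]; then
    setenforce 0 2> /dev/null
    if [ ! -s /etc/selinux/config ]; then
        echo "SELINUX=disabled" > /etc/selinux/config
    else
        sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
    fi
fi
exit 0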
408    
409     %if %{BUILD_TARGETED}
410     %package targeted
411 spuhler 449604 Summary: SELinux targeted base policy
412     Provides: selinux-policy-base = %{version}-%{release}
413     Group: System Environment/Base
414     Obsoletes: selinux-policy-targeted-sources < 2
415     Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
416     Requires(pre): coreutils
417     Requires(pre): selinux-policy = %{version}-%{release}
418     Requires: selinux-policy = %{version}-%{release}
419     Conflicts: audispd-plugins <= 1.7.7-1
420     Obsoletes: mod_fcgid-selinux <= %{version}-%{release}
421     Obsoletes: cachefilesd-selinux <= 0.10-1
422     Conflicts: seedit
423     Conflicts: 389-ds-base < 1.2.7, 389-admin < 1.1.12
424     Conflicts: pki-selinux < 10-0.0-0.45.b1
425 spuhler 290848
426     %description targeted
427     SELinux Reference policy targeted base module.
428    
429     %pre targeted
430 spuhler 290933 %preInstall targeted
431 spuhler 290848
432     %post targeted
433 spuhler 290933 %postInstall $1 targeted
434 spuhler 290848 exit 0
435    
436 spuhler 449604 %triggerpostun targeted -- selinux-policy-targeted < 3.12.1-7.fc19
437 spuhler 290933 restorecon -R -p /home
438 spuhler 290848 exit 0
439    
440     %files targeted
441 spuhler 290933 %defattr(-,root,root,-)
442 spuhler 290848 %config(noreplace) %{_sysconfdir}/selinux/targeted/contexts/users/unconfined_u
443     %fileList targeted
444 spuhler 449604 %{_usr}/share/selinux/targeted/modules-base.lst
445     %{_usr}/share/selinux/targeted/modules-contrib.lst
446 spuhler 290848 %endif
447    
448     %if %{BUILD_MINIMUM}
449     %package minimum
450 spuhler 449604 Summary: SELinux minimum base policy
451     Provides: selinux-policy-base = %{version}-%{release}
452     Group: System Environment/Base
453 spuhler 290933 Requires(post): policycoreutils-python >= %{POLICYCOREUTILSVER}
454 spuhler 449604 Requires(pre): coreutils
455     Requires(pre): selinux-policy = %{version}-%{release}
456     Requires: selinux-policy = %{version}-%{release}
457     Conflicts: seedit
458 spuhler 290848
459     %description minimum
460     SELinux Reference policy minimum base module.
461    
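%pre minimum
%preInstall minimum
# On upgrade, record the modules that are currently not disabled so that the
# post scriptlet can re-enable exactly those after the new packages are laid
# down.
# NOTE(review): semodule errors are discarded and the pipeline status is that
# of awk, so a failing semodule leaves an empty list; the post scriptlet would
# then re-enable only its built-in defaults. Confirm that is acceptable.
if [ "$1" -ne 1 ]; then
    /usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst
fi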
467 spuhler 290848
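%post minimum
# Post-install for the minimum policy store.
# Every contrib module is first marked disabled. A first install then
# re-enables the base modules plus a fixed default set, maps __default__ and
# root to unconfined_u, relabels and rebuilds. An upgrade re-enables the
# modules recorded by the pre scriptlet plus the same default set, rebuilds
# and runs the relabel macro.
# The list variables are expanded unquoted on purpose (one word per module);
# the path built from each entry is quoted.
contribpackages=$(cat /usr/share/selinux/minimum/modules-contrib.lst)
basepackages=$(cat /usr/share/selinux/minimum/modules-base.lst)
if [ "$1" -eq 1 ]; then
    for p in $contribpackages; do
        touch "/etc/selinux/minimum/modules/active/modules/$p.disabled"
    done
    for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
        rm -f "/etc/selinux/minimum/modules/active/modules/$p.disabled"
    done
    /usr/sbin/semanage -S minimum -i - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m -s unconfined_u -r s0-s0:c0.c1023 root
__eof
    /sbin/restorecon -R /root /var/log /var/run 2> /dev/null
    /usr/sbin/semodule -B -s minimum
else
    instpackages=$(cat /usr/share/selinux/minimum/instmodules.lst)
    for p in $contribpackages; do
        touch "/etc/selinux/minimum/modules/active/modules/$p.disabled"
    done
    for p in $instpackages apache dbus inetd kerberos mta nis; do
        rm -f "/etc/selinux/minimum/modules/active/modules/$p.pp.disabled"
    done
    /usr/sbin/semodule -B -s minimum
%relabel minimum
fi
exit 0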
496    
497     %files minimum
498 spuhler 449604 %defattr(-,root,root,-)
499 spuhler 290848 %config(noreplace) %{_sysconfdir}/selinux/minimum/contexts/users/unconfined_u
500     %fileList minimum
501 spuhler 449604 %{_usr}/share/selinux/minimum/modules-base.lst
502     %{_usr}/share/selinux/minimum/modules-contrib.lst
503 spuhler 290848 %endif
504    
505     %if %{BUILD_MLS}
506 spuhler 290933 %package mls
507 spuhler 449604 Summary: SELinux mls base policy
508     Group: System Environment/Base
509     Provides: selinux-policy-base = %{version}-%{release}
510     Obsoletes: selinux-policy-mls-sources < 2
511     Requires: policycoreutils-newrole >= %{POLICYCOREUTILSVER} setransd
512     Requires(pre): policycoreutils >= %{POLICYCOREUTILSVER}
513     Requires(pre): coreutils
514     Requires(pre): selinux-policy = %{version}-%{release}
515     Requires: selinux-policy = %{version}-%{release}
516     Conflicts: seedit
517 spuhler 290848
518 spuhler 290933 %description mls
519 spuhler 290848 SELinux Reference policy mls base module.
520    
521 spuhler 290933 %pre mls
522     %preInstall mls
523 spuhler 290848
524 spuhler 290933 %post mls
525     %postInstall $1 mls
526 spuhler 290848
527     %files mls
528 spuhler 290933 %defattr(-,root,root,-)
529 spuhler 290848 %config(noreplace) %{_sysconfdir}/selinux/mls/contexts/users/unconfined_u
530     %fileList mls
531 spuhler 449604 %{_usr}/share/selinux/mls/modules-base.lst
532     %{_usr}/share/selinux/mls/modules-contrib.lst
533     %endif
